mreish Posted March 28, 2007

I think I'm ready for another round of tests and would love constructive input.

About the site: The idea behind EV Circuit is to let people sign up and post links to their websites along with a short description. The design is based loosely on a template that I really like. I know some folks don't like templates and feel that they cause global warming, make you less of a man and are the reason why Leprechauns run the secret world wide government. I think those people have issues best resolved with professional help. This is not an exercise in design as much as it is an exercise in backend programming.

User Accounts: If you'd like to test the signup part I'd be grateful. All DB tables will be emptied before the site goes live. If not, that's cool. Use the test account but please don't change the password so that others can try it out:
Login Name: testuser
Password: password

What to Look For: I think I have all the inputs sanitized. This is my first real attempt at a DB driven site so I'm concerned about possible security breaches. Break it if you can!

Known Issues:
* The site's copy is filled with Lorem Ipsum. Real copy is slowly being placed.
* If you hit reload after submitting a Contact email you'll just keep sending emails to me. I'm not sure how to stop this.

The url is: http://www.evcircuit.com/index.php
Note that if you leave off index.php you'll get the "not ready" html page.

Thanks for your time!
obsidian Posted March 28, 2007

Well, you are open to XSS attacks. I put in a test URL, and while you are screening your direct input, there is a subtle hole I was able to exploit. If you log in as your test user and check your settings page, you will see a popup alert that simply states "I'm in!" I was able to insert this simple JavaScript into the URL of the test site I submitted. I'm not going to post the details on here, but if you're interested to know exactly what I did to make it work, just PM me, and I'll walk you through it. Otherwise, it seems pretty solid.

rcorlew Posted March 29, 2007

It won't let me sign in to check it out. Hope you can get that XSS fixed, pretty nasty stuff there *ugh*

mreish Posted March 29, 2007 (Author)

Someone changed the password. I put it back to default. I believe I have XSS fixed. It also now checks to see if the URL is valid.
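The two fixes the thread ends on, validating the submitted URL and keeping it from executing on the settings page, as an added PHP example that is not the EV Circuit site's own code. Function names and the sample inputs are assumptions made for this example.

```php
<?php
// Added example, not the EV Circuit site's code: validate a site URL on input
// and escape it on output. Function names and sample inputs are assumptions.
declare(strict_types=1);

/**
 * Accept only absolute http/https URLs. filter_var rejects malformed URLs and
 * the scheme allowlist rejects javascript: and data: links, which a browser
 * would execute when placed in an href. Returns the URL, or null to refuse it.
 */
function validate_site_url(string $raw): ?string
{
    $url = trim($raw);
    if ($url === '' || strlen($url) > 2048) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/**
 * Render the stored link. Input screening alone is what the thread shows being
 * bypassed: FILTER_VALIDATE_URL does not reject quotes or angle brackets in a
 * path, so the value must also be escaped where it is echoed. htmlspecialchars
 * with ENT_QUOTES makes " ' < > & inert in both the attribute and the body.
 */
function render_site_link(string $url, string $description): string
{
    $safeUrl  = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safeDesc = htmlspecialchars($description, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $safeUrl . '" rel="nofollow">' . $safeDesc . '</a>';
}

// Constructed sample inputs, as the signup form might receive them.
$samples = [
    'https://example.com/my-site',      // accepted and rendered as-is
    'javascript:alert(1)',              // wrong scheme: rejected on input
    'http://example.com/"><b>x</b>',    // may pass validation: neutralised on output
];
foreach ($samples as $s) {
    $ok = validate_site_url($s);
    echo $ok === null ? "rejected: $s\n" : render_site_link($ok, 'My site') . "\n";
}
```

The reload problem from the first post is separate: answering the Contact POST with a redirect to a confirmation page (Post/Redirect/Get) stops the browser from resubmitting the form on refresh.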